3.3 Network Segmentation

Question 1

Explain an Intranet.

Answer 1

A private network that is designed to host the information internal to the organization.

Question 2

Explain an Extranet.

Answer 2

A cross between Internet & Intranet

A section of an organization’s network that has been sectioned off to act as an intranet for the private network but also serves information to external business partners or the public Internet.

Question 3

Explain what a Screened Subnet is.

Answer 3

An extranet for public consumption is typically labeled a demilitarized zone (DMZ) or perimeter network.

In regards to Secure Network Design
A subnet AKA DMZ is placed between two routers or firewalls. bastion host(s) are located within that subnet.

Question 4

What is Zero Trust Security.

Answer 4

Addresses the limitation of the legacy network perimeter-based security model

Trats user identity as the control plane

Assumes compromise / breach in verifying every request. no entity is trusted by default

Question 5

Explain some reasons for segmentation.

Answer 5

Boosting Performance
-Can improve perfomance through an organizational scheme in which systems that often communicate are located in the same segment, while systems that are rarely or never communicate are located in other segments.

Reducing Communication Problems
-Reduces congestion and contains communication problems, such as broadcast storms, to individual subsections of the network.

Providing Security
-Can also * improve security* by isolating traffic and user access to those segments where they are authorized.

Question 6

Explain East-West Traffic.

Answer 6

Where traffic moves laterally between servers within a data center.

North-south traffic moves outside of the data center.

Question 7

Explain VLAN.

Answer 7

Virtual Local Area Network

A collection of devices that communicate with one another as if they made up a single physical LAN

Creates a distinct broadcast domain